<?php

// Base class for back-end (admin) authentication

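class AuthAction extends BaseAction{
	public function __construct()
	{
		parent::__construct();
		// Every request through this controller family is gated here, before any action runs.
		$this->check_auth();
	}

	/**
	 * Authorization gate, run from the constructor.
	 *
	 * 1. Drops an admin session whose expiry timestamp has passed (only when EXPIRED_TIME > 0).
	 * 2. A logged-in merchant (session "account_info") may reach File/do_upload and
	 *    File/do_upload_img without an admin session.
	 * 3. Anyone else without an admin session is sent to Public/login, or answered with
	 *    NO_LOGIN when the request carries a non-zero ajax parameter.
	 * 4. For admins other than DEFAULT_ADMIN, outside the Index and Lang modules, the
	 *    current module/action must be granted either as a node (role_node via role_access)
	 *    or as a whole module (role_access with node_id = 0); otherwise NO_AUTH is returned.
	 */
	private function check_auth()
	{
		$this->expire_stale_admin_session();

		// Admin session, keyed by md5(AUTH_KEY); null or empty when nobody is logged in.
		// isset() guards avoid "undefined index" / "offset on null" notices on anonymous requests.
		$adm_session = session(md5(conf("AUTH_KEY")));
		$adm_name = isset($adm_session['adm_name']) ? $adm_session['adm_name'] : '';
		$adm_id = isset($adm_session['adm_id']) ? intval($adm_session['adm_id']) : 0;
		// ajax is client-controlled; it only selects the error format (redirect vs. message).
		$ajax = isset($_REQUEST['ajax']) ? intval($_REQUEST['ajax']) : 0;

		// Merchants (session "account_info") may use the back-end upload actions.
		$is_auth = $this->is_merchant_upload() ? 1 : 0;

		if($adm_id == 0 && $is_auth == 0)
		{
			if($ajax == 0)
				$this->redirect("Public/login");
			else
				$this->error(L("NO_LOGIN"), $ajax);
			// No return here on purpose: redirect()/error() are relied on to end the request
			// (BaseAction is not visible in this file — confirm they exit). If they returned,
			// the role checks below would still run with adm_id = 0.
		}

		// Is the current module/action a registered, active node at all?
		// Actions that are not registered as nodes are not subject to role checks.
		$count = M('role_node')->alias('a')
			->join('__ROLE_MODULE__ b on a.module_id = b.id')
			->where(array('a.action'=>ACTION_NAME,'b.module'=>MODULE_NAME,'a.is_effect'=>'1','a.is_delete'=>'0','b.is_effect'=>'1','b.is_delete'=>'0'))
			->count('*');

		// DEFAULT_ADMIN bypasses role checks entirely (superuser selected by name);
		// Index and Lang are always open to a logged-in admin.
		if((string)$adm_name !== (string)conf("DEFAULT_ADMIN") && MODULE_NAME !== 'Index' && MODULE_NAME !== 'Lang' && $count > 0 && $is_auth == 0)
		{
			// Node-level grant first, then a whole-module grant (role_access.node_id = 0).
			if(!$this->has_node_grant($adm_id) && !$this->has_module_grant($adm_id))
			{
				if($this->is_upload_action())
				{
					// The upload endpoints get a script alert instead of the error page,
					// presumably because the uploader consumes the raw response; kept as-is.
					echo "<script>alert('".L("NO_AUTH")."');</script>";
					exit;
				}
				else
					$this->error(L("NO_AUTH"), $ajax);
			}
		}
	}

	/**
	 * Clear the admin session once its stored expiry timestamp is in the past.
	 * Only active when EXPIRED_TIME is configured to a positive value.
	 */
	private function expire_stale_admin_session()
	{
		if(intval(app_conf("EXPIRED_TIME")) <= 0)
		{
			return;
		}
		$expire_key = app_conf("AUTH_KEY")."expire";
		if(isset($_SESSION[$expire_key]) && $_SESSION[$expire_key] < get_gmtime())
		{
			session(md5(conf("AUTH_KEY")), null);
			// NOTE(review): the timestamp is read from $_SESSION[app_conf("AUTH_KEY")."expire"]
			// but cleared via session("expire") (and the admin key uses conf(), not app_conf()).
			// Verify against the login code that writes these keys that the same names are used
			// on both sides; otherwise the stale timestamp survives the logout.
			session("expire", null);
		}
	}

	/**
	 * True when a merchant is logged in (session "account_info" has a positive id) and the
	 * request targets one of the two upload actions merchants are allowed to use.
	 */
	private function is_merchant_upload()
	{
		$biz_account = session("account_info");
		if(!isset($biz_account['id']) || intval($biz_account['id']) <= 0)
		{
			return false;
		}
		return $this->is_upload_action();
	}

	// The two File actions that merchants may call and that report denial via a script alert.
	private function is_upload_action()
	{
		return MODULE_NAME === 'File' && (ACTION_NAME === 'do_upload' || ACTION_NAME === 'do_upload_img');
	}

	/**
	 * Whether the admin's role holds a grant for the current module/action node
	 * (role_node -> role_access -> role -> admin, every row active and not deleted).
	 *
	 * @param int $adm_id admin primary key from the session
	 * @return bool
	 */
	private function has_node_grant($adm_id)
	{
		// 'a.is_delete' was an unqualified 'is_delete' in the original where clause; role_node,
		// role and role_module all carry is_delete, so the bare name is ambiguous in the join.
		// Qualifying it mirrors the role_node filter used by the registration query.
		$count = M('role_node')->alias('a')
			->join('__ROLE_ACCESS__ b on a.id = b.node_id')
			->join('__ROLE__ c on b.role_id = c.id')
			->join('__ROLE_MODULE__ d on a.module_id = d.id')
			->join('__ADMIN__ e on e.role_id = c.id')
			->where(array('e.id' => $adm_id , 'a.action' => ACTION_NAME,'d.module' => MODULE_NAME,'a.is_effect'=>'1','a.is_delete'=>'0','d.is_effect'=>'1','d.is_delete'=>'0','c.is_effect'=>'1','c.is_delete' => '0'))
			->count();
		// count() may yield null/false when the query fails; treat that as "no grant".
		return intval($count) > 0;
	}

	/**
	 * Whether the admin's role holds a whole-module grant for the current module
	 * (a role_access row with node_id = 0 for the module).
	 *
	 * @param int $adm_id admin primary key from the session
	 * @return bool
	 */
	private function has_module_grant($adm_id)
	{
		$module_count = M('role_access')->alias('a')
			->join('__ROLE__ b on a.role_id = b.id')
			->join('__ROLE_MODULE__ c on c.id = a.module_id')
			->join('__ADMIN__ d on d.role_id = b.id')
			->where(array('d.id'=>$adm_id,'c.module'=>MODULE_NAME,'a.node_id' => '0','c.is_effect'=>'1','c.is_delete'=>'0','b.is_effect'=>'1','b.is_delete'=>'0'))
			->count();
		return intval($module_count) > 0;
	}

	// Pre-hook for the index list: assigns the page title from the <MODULE>_INDEX language key.
	public function _before_index()
	{
		$this->assign("main_title",L(MODULE_NAME."_INDEX"));
	}

	// Pre-hook for the trash list: reuses the module's index title.
	public function _before_trash()
	{
		$this->assign("main_title",L(MODULE_NAME."_INDEX"));
	}
}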
?>